Didn't find any material on how to implement CloudFront + mTLS or API Gateway + mTLS. Is it possible? If not, is there any alternative to achieve mTLS with CloudFront + API Gateway?
3 Answers
3
The mTLS support for API Gateway was released yesterday. Here is a detailed blog post on how to set it up:
https://aws.amazon.com/blogs/compute/introducing-mutual-tls-authentication-for-amazon-api-gateway/

am29d
3
In order to use mTLS you can't use CloudFront. This is because CF does the TLS Termination and doesn't support pass-through to APIGW or other downstream services.
If you wish to use mTLS, you should point your R53 domain name directly to API GW, disable the default endpoint, and add WAF to the API instead.

Enrico Bergamo
0
mTLS is not supported for Edge-optimized APIs. You can use it with Regional APIs only.

Ranbir Singh
Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Nov 18 '21 at 13:03
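An offline check for the setup the answers above describe (Regional custom domain with an mTLS truststore, default endpoint disabled, WAF on the API), as an added example that is not from any of the answers. It assumes input dicts shaped like boto3's `apigateway` `get_domain_name()` / `get_rest_api()` and `wafv2` `get_web_acl_for_resource()` responses; the function name and all sample values are constructed.

```python
"""Offline audit of an API Gateway mTLS setup (added example)."""

def audit_mtls_setup(domain, rest_api, web_acl=None):
    """Return a list of findings; an empty list means every check passed.

    domain   -- dict shaped like boto3 apigateway get_domain_name() output
    rest_api -- dict shaped like boto3 apigateway get_rest_api() output
    web_acl  -- "WebACL" dict from wafv2 get_web_acl_for_resource(), or None
    """
    findings = []
    # mTLS lives on the custom domain name and points at a truststore in S3.
    mtls = domain.get("mutualTlsAuthentication") or {}
    if not mtls.get("truststoreUri"):
        findings.append("no mTLS truststore on the custom domain")
    elif mtls.get("truststoreWarnings"):
        findings.append("truststore warnings: " + "; ".join(mtls["truststoreWarnings"]))
    # mTLS is available on Regional endpoints only, not Edge-optimized ones.
    types = (domain.get("endpointConfiguration") or {}).get("types") or []
    if types != ["REGIONAL"]:
        findings.append("endpoint type is %s, expected ['REGIONAL']" % types)
    # The default execute-api URL is not covered by the custom domain's mTLS.
    if not rest_api.get("disableExecuteApiEndpoint", False):
        findings.append("default execute-api endpoint is still enabled")
    # With CloudFront out of the path, WAF is attached to the API itself.
    if not web_acl:
        findings.append("no WAF web ACL associated with the API stage")
    return findings

# Constructed sample data (domain, bucket and ACL names are placeholders).
GOOD_DOMAIN = {
    "domainName": "api.example.com",
    "endpointConfiguration": {"types": ["REGIONAL"]},
    "mutualTlsAuthentication": {"truststoreUri": "s3://example-bucket/truststore.pem"},
}
GOOD_API = {"name": "example-api", "disableExecuteApiEndpoint": True}
GOOD_ACL = {"Name": "example-acl"}

BAD_DOMAIN = {"domainName": "api.example.com",
              "endpointConfiguration": {"types": ["EDGE"]}}
BAD_API = {"name": "example-api", "disableExecuteApiEndpoint": False}

if __name__ == "__main__":
    for label, args in (("good", (GOOD_DOMAIN, GOOD_API, GOOD_ACL)),
                        ("bad", (BAD_DOMAIN, BAD_API, None))):
        print(label, audit_mtls_setup(*args) or "OK")
```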